sl-firmware
fa75c442a7
Archive STM32 firmware to legacy/stm32/: - src/, include/, lib/USB_CDC/, platformio.ini, test stubs, flash_firmware.py - test/test_battery_adc.c, test_hw_button.c, test_pid_schedule.c, test_vesc_can.c, test_can_watchdog.c - USB_CDC_BUG.md Rename: stm32_protocol → esp32_protocol, mamba_protocol → balance_protocol, stm32_cmd_node → esp32_cmd_node, stm32_cmd_params → esp32_cmd_params, stm32_cmd.launch.py → esp32_cmd.launch.py, test_stm32_protocol → test_esp32_protocol, test_stm32_cmd_node → test_esp32_cmd_node Content cleanup across all files: - Mamba F722S → ESP32-S3 BALANCE - BlackPill → ESP32-S3 IO - STM32F722/F7xx → ESP32-S3 - stm32Mode/Version/Port → esp32Mode/Version/Port - STM32 State/Mode labels → ESP32 State/Mode - Jetson Nano → Jetson Orin Nano Super - /dev/stm32 → /dev/esp32 - stm32_bridge → esp32_bridge - STM32 HAL → ESP-IDF docs/SALTYLAB.md: - Update "Drone FC Details" to describe ESP32-S3 BALANCE board (Waveshare ESP32-S3 Touch LCD 1.28) - Replace verbose "Self-Balancing Control" STM32 section with brief note pointing to SAUL-TEE-SYSTEM-REFERENCE.md TEAM.md: Update Embedded Firmware Engineer role to ESP32-S3 / ESP-IDF No new functionality — cleanup only. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
66 lines
1.8 KiB
C
66 lines
1.8 KiB
C
#ifndef SAFETY_H
|
|
#define SAFETY_H
|
|
|
|
#include <stdint.h>
|
|
#include <stdbool.h>
|
|
|
|
/*
|
|
* SaltyLab Safety Systems
|
|
*
|
|
* Covers:
|
|
* - IWDG hardware watchdog (MCU reset if main loop hangs)
|
|
* - RC signal timeout monitoring
|
|
* - Tilt fault alert via buzzer
|
|
* - Arm hold interlock (must hold arm for ARMING_HOLD_MS)
|
|
* - Remote e-stop over 4G MQTT (CDC 'E'/'F'/'Z' commands)
|
|
*/
|
|
|
|
typedef enum {
|
|
ESTOP_CLEAR = 0,
|
|
ESTOP_TILT = 1,
|
|
ESTOP_RC_KILL = 2,
|
|
ESTOP_REMOTE = 3,
|
|
ESTOP_CELLULAR_TIMEOUT = 4,
|
|
} EstopSource;
|
|
|
|
/*
|
|
* safety_init() — call once in main() after HAL_Init().
|
|
* Starts IWDG with WATCHDOG_TIMEOUT_MS timeout from config.h.
|
|
* Starts ARMING_HOLD_MS countdown from config.h.
|
|
*/
|
|
void safety_init(void);
|
|
|
|
/*
|
|
* safety_refresh() — call every main loop iteration.
|
|
* Resets IWDG counter. If not called within WATCHDOG_TIMEOUT_MS,
|
|
* the MCU will reset (independent of software — cannot be disabled).
|
|
*/
|
|
void safety_refresh(void);
|
|
|
|
/*
|
|
* safety_rc_alive() — returns true if RC receiver has sent a frame
|
|
* within RC_TIMEOUT_MS. Call from the balance loop.
|
|
*/
|
|
bool safety_rc_alive(uint32_t now);
|
|
|
|
/*
|
|
* safety_alert_tilt_fault() — one-shot buzzer beep for tilt fault.
|
|
* Safe to call repeatedly; only fires once per fault.
|
|
*/
|
|
void safety_alert_tilt_fault(bool faulted);
|
|
|
|
/*
|
|
* safety_arm_interlock() — returns true once arm button has been
|
|
* held for ARMING_HOLD_MS from the moment safety_arm_start() was called.
|
|
*/
|
|
void safety_arm_start(uint32_t now); /* Call when arm requested */
|
|
bool safety_arm_ready(uint32_t now); /* Poll until true, then arm */
|
|
void safety_arm_cancel(void); /* Cancel pending arm */
|
|
|
|
void safety_remote_estop(EstopSource src);
|
|
void safety_remote_estop_clear(void);
|
|
EstopSource safety_get_estop(void);
|
|
bool safety_remote_estop_active(void);
|
|
|
|
#endif /* SAFETY_H */
|